Planning the Risk Management File Audit


This is a strategy to help prepare for a risk management file (RMF) audit. It incorporates requirements from the international standard ISO 14971:2007 as well as the EU version EN ISO 14971:2012 applied to the Medical Device Directive, MDD, as outlined in Annex ZA. Clauses from the standard are in square brackets. Information specific to the EU version is shown in braces.

Abbreviations:
- QMS: Quality Management System
- RMF: Risk Management File
- RMS: Risk Management System

1. Select a product that is on the market and has had sufficient time to generate post-production information.

The audited file should have enough information to verify the requirements of the standard. This means the design project is complete, the device is in production, and devices have been shipped.

Note: Selecting an appropriate RMF is a balance between a product that is recent enough to have relevant design information and mature enough to have market experience data.

2. Review the risk management procedures for existence and correct approval.

The procedures document the manufacturer's risk management process [3.1]. Verify that the process includes risk analysis, risk evaluation, risk control, production information, and post-production information.

The procedure should provide the means to implement the risk management standard using the company's own approaches and methods. As such, it should not copy the text from the standard, but include specific methods to carry out an activity or a process [2.12].

Use the procedure in parallel with ISO 14971:2007 {EN ISO 14971:2012} to verify an effective RMS [2.22].

3. Top management [2.26] defined and documented its policy for determining the criteria for risk acceptability [3.2].

The policy should be written and under appropriate document control.

The documented policy should base the risk acceptability criteria on national or regional regulations and on relevant international standards. It should also account for the accepted state of the art [D.4] (1) and any stakeholder concerns.

The criteria for risk acceptability could be a stand-alone document or incorporated into the Quality Policy required by the QMS.

(1) State of the art means currently and generally accepted good practice. It could be determined by: standards used for the same or similar devices; best practices as used in other devices of the same or similar type; or results of accepted scientific research. State of the art does not necessarily mean the most technologically advanced solution.

4. Verify that top management [2.26] ensures the assignment of qualified personnel [3.3] for risk management.

This step may involve a sampling plan.

The standard requires maintenance of appropriate qualification records [3.3]. Verify the record's existence and content.

Determine the identity of employees assigned to the project, at any element or phase, and verify that the records show competency. Competence includes [3.3]:
- knowledge and experience with the device and its use,
- knowledge and experience with the technology involved, or
- knowledge and experience of risk management techniques.

5. Review the Risk Management Plan [3.4]

- The RMF contains a written risk management plan with appropriate approvals.
- If the risk management plan has been revised, the revisions should be noted and approved.
- Verify that the plan covers the required elements of 3.4.a to 3.4.f.
- Verify that the plan assigns responsibility for review and the risk management report; see 3.4.b.
- Verify that the criteria for risk acceptability link to and implement Top Management's policy for determining criteria for risk acceptability; see 3.4.d.
- If the manufacturer's risk management procedure requires additional elements in the plan, verify they have been included.

Note: ISO 14971:2007, 3.4.d requires at least two criteria for risk acceptability. One is for risk and residual risk resulting from hazardous situations while the other is for overall residual risk. Commonly, the criteria are not the same.

6. Risk analysis process [4.1]

The RMF documents the following elements:
- A description and identification of the medical device that was analyzed
- Identification of the people and organization who carried out the risk analysis
- The scope and date of the risk analysis

7. Intended Use and Characteristics [4.2]

The RMF documents the following elements:
- The intended use of the device
- Any reasonably foreseeable misuse of the device
- The characteristics that could affect the safety of the medical device
  o The characteristics could be qualitative or quantitative
  o The characteristics should have defined limits, where appropriate

Note 1: For an RMS coupled with a QMS, verify the intended use of the device is the same in both systems, i.e., 21 CFR 820.30(c) Design input and ISO 13485:2003 7.2.3.a.

Note 2: A common approach uses ISO 14971:2007 Annex C as the basis for the safety characteristics.

Note 3: For Usability Engineering considerations a common approach also uses IEC 62366:2007 Annex E for safety characteristics.

Note 4: IEC 62366:2007 is replaced by IEC 62366-1:2015.

8. Traceability of Identified Hazards [3.5]

Select some identified hazards using an appropriate sampling plan. They should be representative of the kinds of hazards associated with the device and should be chosen at random. The number depends on the extent of the audit and the capacity available. The sampling plan is typically a convenience sample rather than one based on statistical methodology.

For each identified hazard, determine that it is traceable to:
- the risk analysis,
- the risk evaluation,
- the implementation of the risk control measures,
- the verification of the risk control measures, and
- the assessment of the acceptability of any residual risk.

For each of these traceability elements, ensure the risk management file demonstrates conformance with both ISO 14971:2007 {EN ISO 14971:2012} and the manufacturer's procedures.

9. Hazard Identification [4.3]

The RMF has documentation on known and foreseeable hazards in both normal and fault conditions. Each of these identified hazards is subject to traceability.

Note: It would be best if the documentation classified the hazards using the dimensions known/foreseeable and normal/fault.

10. Risk Estimation [4.4]

- The RMF records the system used for qualitative or quantitative categorization of probability of occurrence of harm or severity of harm.
- The RMF records hazardous situations resulting from reasonably foreseeable sequences or combinations of events.
- The RMF identifies the harm associated with each hazardous situation.
- There is a risk estimate for each identified hazardous situation.
- The risk estimate uses the documented system for the probability of occurrence of harm and the severity of harm.
- Identify any hazardous situations for which the probability of the occurrence of harm cannot be estimated. In these cases, the RMF lists the possible consequences.

11. Risk Evaluation [5]

- The RMF contains an evaluation of the need for risk reduction for each hazardous situation.
- The evaluation uses the criteria defined in the Risk Management Plan; see ISO 14971:2007, 3.4.d.
- The RMF identifies any application of relevant standards as part of the device design criteria to meet the risk reduction requirements.

Note: If there are relevant standards used, trace to the documentation that supports their use. This could include test reports, inspection reports, and implementation verification from ISO 14971:2007, 6.3.

{For EN ISO 14971:2012 there is a need for risk reduction in all cases, regardless of the criteria in the Risk Management Plan.}

12. Risk Control Options [6.2]

- The RMF records the risk control measures to reduce the risk to an acceptable level.
- The risk control measures use the risk control options of 6.2 in priority order.
  o {EN ISO 14971:2012 changes the first risk control option from "inherent safety by design" to "inherently safe design and construction".}
  o {EN ISO 14971:2012 requires application of all risk control measures even if the first or second option reduced the risk to an acceptable level.}
- If the required risk control options are not practicable, there is a documented risk/benefit analysis of the residual risk.

13. Implementation of the Risk Control Measures [6.3]

- The RMF contains a record of the implementation verification of each risk control measure.
- The RMF contains a record of the effectiveness verification of each risk control measure.
- The verifications use the activities defined in the risk management plan.

14. Residual Risk Evaluation [6.4]

- The RMF contains a record of the evaluation of any residual risk remaining after application of the risk control measures.
- The evaluation uses the criteria defined in the Risk Management Plan; see ISO 14971:2007, 3.4.d.
- For acceptable residual risks, the RMF contains a decision on which residual risk to disclose.
- For acceptable residual risks, the RMF describes or points to the information in the accompanying documents to disclose the residual risks.

Note: During the audit, trace forward to the accompanying documents to verify they contain the information to disclose the residual risks.

{For EN ISO 14971:2012, disclose any residual risk for each individual risk.}

15. Risk/benefit analysis [6.5]

- The RMF contains a record of the evaluation of any residual risk remaining after application of the risk control measures.
- For unacceptable residual risks, where further risk control is not practicable, the RMF contains a risk/benefit analysis.
- For residual risks that are demonstrated to be outweighed by the benefits, the RMF contains a decision on which residual risk to disclose.
- For residual risks that are not demonstrated to be outweighed by the benefits, the RMF contains an acknowledgement that the risk remains unacceptable.

Note: ISO 14971:2007 says, "For risks that are demonstrated to be outweighed by the benefits, the manufacturer shall decide which information for safety is necessary to disclose the residual risk." However, this is a mistake since information for safety does not disclose residual risk.

{For EN ISO 14971:2012, there is a risk/benefit report for each individual risk.}

16. Risks Arising from Risk Control Measures [6.6]

- The RMF contains evidence of review of the risk control measures to determine if they introduced any new hazards or hazardous situations.
- The RMF contains evidence of review of the risk control measures to determine if they affect the estimated risk of previously identified hazardous situations.

17. Completeness of Risk Control [6.7]

The RMF contains evidence that the risks from all hazardous situations are considered.

Check all hazardous situations to verify evaluation of the residual risk:
a) the residual risk is acceptable, or
b) the residual risk is unacceptable and there is a risk/benefit analysis.

For every risk/benefit analysis either:
b1) the benefit outweighs the risk, or
b2) the benefit does not outweigh the risk.

In case b2) determine how the manufacturer handled the situation, since, by the initial RMF selection, the device is on the market.

18. Evaluation of Overall Residual Risk Acceptability [7]

- The RMF contains an evaluation of the overall residual risk posed by the medical device.
- The evaluation uses the criteria defined in the Risk Management Plan; see ISO 14971:2007, 3.4.d.
- For acceptable overall residual risk, the RMF contains a decision on which information is necessary to disclose overall residual risk.
- For acceptable overall residual risks, the RMF describes or points to the information in the accompanying documents to disclose the residual risks.
- For unacceptable overall residual risks the RMF contains a risk/benefit analysis.
- For overall residual risks that are demonstrated to be outweighed by the benefits, the RMF contains a decision that the overall residual risk is acceptable.
- For risks that are not demonstrated to be outweighed by the benefits, the RMF contains an acknowledgement that the risk remains unacceptable.

Note: During the audit, trace forward to the accompanying documents to verify they contain the information to disclose the overall residual risk.

{For EN ISO 14971:2012, disclose the overall residual risk.}

19. Review the Risk Management Report [8]

The manufacturer assigned the responsibility to review the risk management process to persons having the appropriate authority as defined in the Risk Management Plan, ISO 14971:2007, 3.4.b.

The RMF records the results of the review in the Risk Management Report.

Verify that the report covers the required elements:
- the risk management plan has been appropriately implemented
- the overall residual risk is acceptable
- appropriate methods are in place to obtain relevant production and post-production information

20. Production Information Collection and Review [9]

The RMF records that the manufacturer established, documented, and maintains a system to collect and review production information. For a company with an associated QMS, verify the system satisfies 21 CFR 820.100(a)(1) or ISO 13485:2003, 8.2 and 8.4.

Using the production information collection system, determine a sampling plan for data and records related to production information. For each identified production information data source, sample an appropriate number of records and trace them to the review process.
- The sampling plan should include the results of validated processes, especially when process validation is used as a protective measure in the manufacturing process [ISO 14971:2007, 6.2.b].
- The sampling plan should include the results of control and disposition of nonconforming product, especially when the nonconformance may relate to risk control measures [ISO 14971:2007, 6.2.b].

The RMF records that the manufacturer evaluated the production information for possible relevance to safety including:
- Previously unrecognized hazards
- Previously unrecognized hazardous situations
- Unacceptable risk from a previously recognized hazardous situation

The RMF records that if any of the above conditions exist, the manufacturer:
- Evaluated the impact on previous risk management activities
- Reviewed the risk management file for changes to residual risk or acceptability

21. Post-production Information Collection and Review [9]

The RMF records that the manufacturer established, documented, and maintains a system to collect and review post-production information. For a company with an associated QMS, verify the system satisfies 21 CFR 820.100(a)(1) or ISO 13485:2003, 8.2 and 8.4.

Using the post-production information collection system, determine a sampling plan for data and records related to post-production information. For each identified production information data source, sample an appropriate number of records and trace them to the review process.
- The sampling plan should include the results of complaints.
- The sampling plan should include the results of regulatory agency activities such as FDA's TPLC reports.

The RMF records that the manufacturer evaluated the post-production information for possible relevance to safety including:
- Previously unrecognized hazards
- Previously unrecognized hazardous situations
- Unacceptable risk from a previously recognized hazardous situation

The RMF records that if any of the above conditions exist, the manufacturer:
- Evaluated the impact on previous risk management activities
- Reviewed the risk management file for changes to residual risk or acceptability